<?php
if($admin->isAdmin("admin", "ladmin") == true) {
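	// Handle the "New Setting" form (submit button name: settings-add).
	// All three fields come straight from the request, so each is passed through
	// mysql_real_escape_string() before it is placed inside a quoted SQL literal;
	// otherwise a single quote in any field changes the statement that runs.
	// NOTE(review): no anti-CSRF token is checked in this handler — confirm
	// whether the including page verifies one before state-changing POSTs.
	// NOTE(review): the display code calls stripslashes() on stored values, which
	// suggests slashes may already be added upstream — confirm that values are
	// not being escaped twice.
	if(!empty($_POST['settings-add'])) {
		// Missing or non-string (array) fields are treated as blank.
		$new_name  = (isset($_POST['new-name'])  && is_string($_POST['new-name']))  ? $_POST['new-name']  : '';
		$new_desc  = (isset($_POST['new-desc'])  && is_string($_POST['new-desc']))  ? $_POST['new-desc']  : '';
		$new_value = (isset($_POST['new-value']) && is_string($_POST['new-value'])) ? $_POST['new-value'] : '';

		$bad = 0;
		if($new_name === '') {
			$output .= $admin->message('error', 'Fill in all the boxes', 'You left the setting name blank');
			$bad = 1;
		}
		if($new_desc === '') {
			$output .= $admin->message('error', 'Fill in all the boxes', 'You left the setting description blank');
			$bad = 1;
		}
		if($bad == 0) {
			$sql = "INSERT into ".DBTABLEPREFIX."settings_site (settingname, description, value, custom) VALUES ('"
				.mysql_real_escape_string($new_name)."', '"
				.mysql_real_escape_string($new_desc)."', '"
				.mysql_real_escape_string($new_value)."', 'custom')";
			// The driver error can echo fragments of the submitted data, so it is
			// HTML-escaped before being printed. message() may escape as well (not
			// visible here); the worst case is cosmetic double-encoding.
			$query = $admin->db_query($sql) or die($admin->message('error', 'MySQL Error', htmlspecialchars(mysql_error(), ENT_QUOTES)));
			if($query){
				$output .= $admin->message('success', 'Added New Setting', 'It will be listed under custom settings.');
			}
		}
	}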
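	// Apply the "Change Standard Settings" form (submit button: settings-update).
	// Every other POST field is read as setting-name => new value; the form
	// encodes spaces in setting names as "----".
	// Both the field name and its value are request data, so both are escaped
	// before they reach the SQL text.
	// NOTE(review): no anti-CSRF token is checked here, and any posted key can
	// address any row of settings_site (there is no allow-list of names) —
	// confirm whether that is intended.
	if(!empty($_POST['settings-update'])) {
		$updated = 0;
		foreach ($_POST as $posted => $posted2) {
			$posted = (string)$posted;
			// pageid and the submit button are form plumbing, not settings, and an
			// array-valued field cannot be stored as a single value.
			if($posted === "pageid" || $posted === "settings-update" || is_array($posted2)) {
				continue;
			}
			$name  = mysql_real_escape_string(str_replace("----", " ", $posted));
			$value = mysql_real_escape_string($posted2);
			$sql = "UPDATE ".DBTABLEPREFIX."settings_site SET value = '".$value."' WHERE settingname = '".$name."'";
			// Escape the driver error: it can repeat parts of the submitted data.
			$query = $admin->db_query($sql) or die(htmlspecialchars(mysql_error(), ENT_QUOTES));
			$updated++;
		}
		// Report success only when at least one update was actually issued,
		// rather than printing the error and the success message together.
		if($updated == 0){
			$output .= $admin->message('error', 'Unknown Error', 'An unknown error has occurred. Sorry.');
		}
		else {
			$output .= $admin->message('success', 'Settings Updated', 'All your settings have been applied. Congrats!');
		}
	}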
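	// Apply the "Change Custom Settings" form. The form in this file names its
	// submit button "settings-custom-update", so that name is accepted here;
	// the older "custom-settings-update" spelling is still honoured.
	// Field names encode spaces as "-"; both the name and the value are request
	// data and are escaped before they reach the SQL text.
	// NOTE(review): no anti-CSRF token is checked here, and any posted key can
	// address any row of settings_site — confirm whether that is intended.
	if(!empty($_POST['settings-custom-update']) || !empty($_POST['custom-settings-update'])) {
		$updated = 0;
		foreach ($_POST as $posted => $posted2) {
			$posted = (string)$posted;
			// Skip form plumbing (page id, submit buttons) and array-valued fields.
			if($posted === "pageid" || $posted === "settings-custom-update" || $posted === "custom-settings-update" || is_array($posted2)) {
				continue;
			}
			$name  = mysql_real_escape_string(str_replace("-", " ", $posted));
			$value = mysql_real_escape_string($posted2);
			$sql = "UPDATE ".DBTABLEPREFIX."settings_site SET value = '".$value."' WHERE settingname = '".$name."'";
			// Escape the driver error: it can repeat parts of the submitted data.
			$query = $admin->db_query($sql) or die(htmlspecialchars(mysql_error(), ENT_QUOTES));
			$updated++;
		}
		// Report success only when at least one update was actually issued.
		if($updated == 0){
			$output .= $admin->message('error', 'Unknown Error', 'An unknown error has occurred. Sorry.');
		}
		else {
			$output .= $admin->message('success', 'Settings Updated', 'All your settings have been applied. Congrats!');
		}
	}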
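	// Static markup for the "New Setting" form. Each text input carries an id
	// matching its label's for attribute so the label is associated with it.
	// NOTE(review): the "alphanumeric" class on the name field is at most a
	// client-side hint (no enforcement is visible here); the server-side handler
	// has to validate and escape the submitted name itself.
	// NOTE(review): the form carries no anti-CSRF token field.
	$add_setting .= '
				<form method="post" action="admin.php?page=settings" id="form-new-setting">
					<fieldset>
						<h2>New Setting</h2>
						<p>You can use this to add a new setting to customize your site.</p><p>You can access this setting in your templates via
						 <code>[--$settings.Setting_Name_With_Underscores_Instead_Of_Spaces.value--]</code></p>
						<div class="form-row">
							<label for="new-name">Setting Name</label>
							<span>
								<input type="text" name="new-name" id="new-name" class="new-name alphanumeric" value="" />
							</span>
						</div>
						<div class="form-row">
							<label for="new-desc">Setting Description</label>
							<span>
								<input type="text" name="new-desc" id="new-desc" class="new-desc" value="" />
							</span>
						</div>
						<div class="form-row">
							<label for="new-value">Value</label>
							<span>
								<input type="text" name="new-value" id="new-value" class="new-value" value="" />
							</span>
						</div>
						<div class="form-row form-row-last">
							<label for="save">Save</label>
							<span>
								<input type="submit" class="submit" name="settings-add" value="Add Setting" />
							</span>
						</div>
					</fieldset>
				</form>
	';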
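	// Build the "Change Custom Settings" form from every row flagged custom.
	// Setting names, descriptions and values are stored admin input, so each is
	// HTML-escaped with ENT_QUOTES before it is written into the single-quoted
	// attributes and label text; a stored quote or "<" would otherwise break
	// out of the markup and run as script in the admin page.
	$sql = "SELECT * FROM ".DBTABLEPREFIX."settings_site WHERE custom = 'custom' ORDER BY id";
	$settings = $admin->db_query($sql) or die(mysql_error());
	$num_rows = mysql_num_rows($settings);
	if($num_rows > 0) {
		$cf = '';
		while($srow = mysql_fetch_array($settings)) {
			$label_text = htmlspecialchars($srow['settingname'], ENT_QUOTES);
			$desc_text  = htmlspecialchars(stripslashes($srow['description']), ENT_QUOTES);
			// Spaces become "-" in the field name; the update handler reverses this.
			$field      = htmlspecialchars(stripslashes(str_replace(" ", "-", $srow['settingname'])), ENT_QUOTES);
			$value_text = htmlspecialchars(stripslashes($srow['value']), ENT_QUOTES);
			// The label points at the input's id (the hyphenated name).
			$cf .= "<div class='form-row'><label for='".$field."'>".$label_text."\n<span class='small gray'>".$desc_text."</span></label>";
			$cf .= "<span><input type='text' name='".$field."' id='".$field."' value='".$value_text."'/></span></div>";
		}
		$custom_body = $cf;
		$save_disabled = '';
	}
	else {
		// Nothing to edit: show a hint and disable the Save button.
		$custom_body = $admin->message('error', "You don't have any custom settings","You can add one above");
		$save_disabled = ' disabled="disabled"';
	}
	// $pageid is defined outside this file; it is escaped because its origin
	// cannot be confirmed from here.
	$custom .= '
					<form method="post" action="" id="form-custom-settings">
						<fieldset>
							<h2>Change Custom Settings</h2>
							'.$custom_body.'
							<input type="hidden" style="display:none" name="pageid" value="'.htmlspecialchars($pageid, ENT_QUOTES).'" />
							<div class="form-row form-row-last">
								<label for="save">Save</label>
								<span>
									<input type="submit" class="submit" name="settings-custom-update" value="Save"'.$save_disabled.' />
								</span>
							</div>
						</fieldset>
					</form>
		';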
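	// Build the rows of the "Change Standard Settings" form: one row per
	// non-custom setting. Theme, Clean Urls and Home Page Id get a <select>;
	// everything else gets a text input. Spaces in setting names are encoded as
	// "----" in field names, which the settings-update handler reverses.
	// All database values and directory entry names are HTML-escaped with
	// ENT_QUOTES before being written into the markup.
	$sql = "SELECT * FROM ".DBTABLEPREFIX."settings_site ORDER BY id";
	$settings = $admin->db_query($sql) or die(mysql_error());
	$homepage = $admin->getSetting('Home Page Id');
	$settings_form = '';
	while($srow = mysql_fetch_array($settings)) {
		// Custom settings are rendered by their own form.
		if($srow['custom'] == 'custom') {
			continue;
		}
		$name       = $srow['settingname'];
		$field      = htmlspecialchars(stripslashes(str_replace(" ", "----", $name)), ENT_QUOTES);
		$label_text = htmlspecialchars($name, ENT_QUOTES);
		$desc_text  = htmlspecialchars(stripslashes($srow['description']), ENT_QUOTES);
		// The label points at the control's id, which is the encoded field name.
		$settings_form .= "<div class='form-row'><label for='".$field."'>".$label_text."\n<span class='small gray'>".$desc_text."</span></label>";

		if($name === "Theme") {
			// BASE_URL is used here as a filesystem path to the themes directory.
			$path = BASE_URL."themes/";
			$settings_form .= "\n<span><select name='Theme' id='Theme'>";
			$dir_handle = @opendir($path) or die("Unable to open $path");
			// Compare with false explicitly so an entry named "0" does not end
			// the listing early.
			while (false !== ($file = readdir($dir_handle))) {
				if($file === "." || $file === "..") {
					continue;
				}
				$safe_file = htmlspecialchars($file, ENT_QUOTES);
				$settings_form .= "<option value='".$safe_file."'";
				if($file === $srow['value']) {
					$settings_form .= ' selected="selected">'.$safe_file.' (current theme)</option>';
				}
				else {
					$settings_form .= '>'.$safe_file.'</option>';
				}
			}
			closedir($dir_handle);
			$settings_form .= "</select></span></div>\n";
		}
		elseif($name === "Clean Urls") {
			$enabled_sel  = ($srow['value'] == "Enabled")  ? " selected='selected'" : "";
			$disabled_sel = ($srow['value'] == "Disabled") ? " selected='selected'" : "";
			$settings_form .= "<span><select name='Clean----Urls' id='Clean----Urls'>\n"
				."<option value='Enabled'".$enabled_sel.">Enabled</option>\n"
				."<option value='Disabled'".$disabled_sel.">Disabled</option>\n"
				."</select></span></div>\n";
		}
		elseif($name === "Home Page Id") {
			$list = $theme->buildNavArray();
			$secondary_list = $theme->arraySecondaryNavigation();
			// optionListFromArray() is assumed to return ready-made <option>
			// markup, so its output is inserted as-is — TODO confirm that it
			// escapes page titles itself.
			$settings_form .= "<span>\n"
				."<select name=\"Home----Page----Id\" id=\"Home----Page----Id\">\n"
				."<optgroup label=\"Main Menu\">\n"
				."<option value=\"\">None (Root Item)</option>\n"
				.$theme->optionListFromArray($list, "", $homepage)."\n"
				."</optgroup>\n"
				."<optgroup label=\"Secondary Optional Menu\">\n"
				."<option value=\"\">None (Root Item)</option>\n"
				.$theme->optionListFromArray($secondary_list, "", $homepage)."\n"
				."</optgroup>\n"
				."</select>\n"
				."</span></div>\n";
		}
		else {
			$value_text = htmlspecialchars(stripslashes($srow['value']), ENT_QUOTES);
			$settings_form .= "<span><input type='text' name='".$field."' id='".$field."' value='".$value_text."'/></span></div>\n";
		}
	}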
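	// Wrap the standard-setting rows in their form. $pageid is defined outside
	// this file; it is HTML-escaped because its origin cannot be confirmed from
	// here and it lands inside a double-quoted attribute.
	// NOTE(review): the form carries no anti-CSRF token field.
	$output_settings .= '
				<form method="post" action="" id="form-settings">
					<fieldset>
						<h2>Change Standard Settings</h2>
						'.$settings_form.'
						<input type="hidden" style="display:none" name="pageid" value="'.htmlspecialchars($pageid, ENT_QUOTES).'" />
						<div class="form-row form-row-last">
							<label for="save">Save</label>
							<span>
								<input type="submit" class="submit" name="settings-update" value="Save" />
							</span>
						</div>
					</fieldset>
				</form>
	';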
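	// "Jump To" box with in-page anchors to the three forms. It is rendered
	// first on the page, so it must not reuse the id "form-new-setting": with a
	// duplicate id the "Add New Setting" link would resolve to this box instead
	// of the real form.
	// NOTE(review): if the stylesheet targets #form-new-setting to style this
	// box, add the new id to that rule.
	$jump = '				<form method="post" action="admin.php?page=settings" id="form-jump">
					<fieldset>
						<h2>Jump To:</h2>
						<p>Need to get somewhere fast?</p>
						<ul>
							<li><a href="#form-new-setting">Add New Setting</a></li>
							<li><a href="#form-custom-settings">Change Custom Settings</a></li>
							<li><a href="#form-settings">Change Standard Settings</a></li>
						</ul>
					</fieldset>
				</form>';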
}
else {
	// Callers who fail the isAdmin() check get this notice and none of the
	// settings forms or POST handlers.
	$denied_title = "You don't have sufficent permissions.";
	$denied_detail = "You need to be an Admin or a Low-Level Admin to access this page.";
	$output .= $admin->message('error', $denied_title, $denied_detail);
}

$admin->page_info['content']['page_title'] = "Change Settings";
// Page body in display order: jump box, status messages, standard settings,
// new-setting form, custom settings. Pieces that were never built (for example
// when the permission check failed) contribute nothing.
$page_sections = array($jump, $output, $output_settings, $add_setting, $custom);
$admin->page_info['content']['page_content'] = implode('', $page_sections);
// Hand over to the shared admin layout (presumably it renders page_info).
include(BASE_URL.'includes/admin/admin.php');
?>